By default, OVS bridges use standalone fail-mode, which means they are
configured with a single row with the NORMAL action as their OpenFlow table.
Upon system reboot, an integration bridge with many ports and such a table
could create broadcast storms and duplicate packets. That is why
ovn-controller creates the integration bridge with secure fail-mode.
Under that mode, the OpenFlow table remains empty until the controller
populates it, which could happen many seconds after the bridge is
operational. Unfortunately, the fail-mode setting was not being
done if the bridge was already created by the time ovn-controller
starts. This change fixes that and logs a warning should the fail-mode
ever need to be corrected.

Reported-at: https://bugzilla.redhat.com/1957025
Signed-off-by: Flavio Fernandes <[email protected]>
---
 controller/ovn-controller.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 6106a9661..e4cbf3583 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -401,6 +401,12 @@ process_br_int(struct ovsdb_idl_txn *ovs_idl_txn,
                                                     ovs_table);
     if (!br_int) {
         br_int = create_br_int(ovs_idl_txn, ovs_table);
+    } else if (ovs_idl_txn) {
+        const char *fail_mode = br_int->fail_mode;
+        if (!fail_mode || strcmp(fail_mode, "secure")) {
+            ovsrec_bridge_set_fail_mode(br_int, "secure");
+            VLOG_WARN("Integration bridge fail-mode set to secure.");
+        }
     }
     if (br_int && ovs_idl_txn) {
         const struct ovsrec_open_vswitch *cfg;
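Review bot: The VLOG_WARN in the new else-if branch does not say which bridge was changed or what the previous fail-mode was, so the log cannot distinguish a bridge whose fail_mode was unset from one explicitly set to another value. Consider including br_int->name and the old value in the message, printing a placeholder such as "unset" when fail_mode is NULL. Because this branch runs whenever ovs_idl_txn is non-NULL and the row still reads as not "secure", a rate-limited warning (VLOG_WARN_RL) would keep the log readable if the update does not commit or another writer keeps changing the column. Minor style point: strcmp(fail_mode, "secure") would read more clearly with an explicit != 0.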
-- 
2.25.1
